View Full Version : fsockopen or SSL

08-13-2012, 05:22 PM
Which is more secure when POSTing to a script on the same server but on different subdomains?

$fp = fsockopen('ssl://www.mysite.com', 443);

$fp = fsockopen('', 80);

I am thinking the later because no data is going over the Internet???

I'm on a Windows box. I tried moving the script, that's being POSTed to, out of the web root for security but I could not figure out how to specify the path. Is this even possible?

Is fsockopen the best way to do this or should I use something else since both scripts are on localhost?

Thanks :),


08-13-2012, 05:53 PM
Retaining on localhost makes the most sense to me security wise, as it will loopback at the local level instead. Subdomains should be alright to use as well, so long as the localhost knows what to do with it once received, or a more specific path is targeted.

If you need to post it, then sockets or curl are really your only feasible options. You can't move it above the web root if it needs posting (as it must be handled by the http in order to parse it). If I get a chance, I can try testing with a stream wrapper to see if I can override that to treat it as a parsed file above directory root, in which case you are effectively issuing POST headers to a file run with fopen. Not sure offhand if its doable though.

08-13-2012, 06:00 PM
Fou-Lu, thanks!

That's what I thought but I know very little about PHP. Just wanted a second, third or fourth opinion :)